Firewall Wizards mailing list archives

RE: Security of HTTPS

From: Servie Platon <servie_tech () yahoo com>
Date: Fri, 26 Nov 2004 16:08:47 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

I'm so sorry for the messed up email before, my
apologies. 

I am not the original poster to this thread but after
reading the white paper on the SANS web site made me a
little bit weary of the possibilities which I am
posting my question based on the topic of MITM attack.

1. How does the cracker hone in to attack a preferred
network of choice? Do they just port scan the internet
and once it finds one would do the MITM and pose as a
legit web site?

2. Do they pose as legit web sites to unsuspecting
users, or hiding in the guise of a famous web site but
in fact doing a MITM attack?

Most people now adays, make online transactions such
as buying, selling and other e-commerce type of thing.
After reading the whitepaper makes me think twice if
it is really safe using HTTPS despite the guarantees
being stated by such sites?

Any tips, suggestions, as well as explanations as to
how this is done and how to avoid such a thing from
occuring would mean a lot so that we could limit the
chances of being victimized in the future.

Thanks in advance.

Sincerely,
Servie

- --- Jean-Denis Gorin <jdg_cnce2004 () yahoo fr> wrote:


Lot of papers about SSL Man In the Middle attack.
For
example, on the SANS web site:
  http://www.sans.org/rr/whitepapers/threats/480.php

Some kind of proxies use this to enable content
filtering of HTTPS traffic...

  JDG

From Alex Bihlmaier


Good Morning.



I am curious how strong the security of https can

be.

Is there some possibility of a MITM attack?
Are there any papers out there outlining this

aspect

of security?



//thalunil



    

    
        
Vous manquez despace pour stocker vos mails ? 
Yahoo! Mail vous offre GRATUITEMENT 100 Mo !
Créez votre Yahoo! Mail sur
http://fr.benefits.yahoo.com/

Le nouveau Yahoo! Messenger est arrivé ! Découvrez
toutes les nouveautés pour dialoguer instantanément
avec vos amis. A télécharger gratuitement sur
http://fr.messenger.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com

http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92 (MingW32) - GPGshell v3.23

iD8DBQFBp8VuyQgrZePdA38RAhCyAJ9eN2yeoM/hccuBm7xFPI82jIY6KgCfedzA
KaKBtRpn4XXtSzj4Dkq2L70=
=dZR/
-----END PGP SIGNATURE-----
Hi folks,

I'm so sorry for the messed up email before, my
apologies. 

I am not the original poster to this thread but after
reading the white paper on the SANS web site made me a
little bit weary of the possibilities which I am
posting my question based on the topic of MITM attack.

1. How does the cracker hone in to attack a preferred
network of choice? Do they just port scan the internet
and once it finds one would do the MITM and pose as a
legit web site?

2. Do they pose as legit web sites to unsuspecting
users, or hiding in the guise of a famous web site but
in fact doing a MITM attack?

Most people now adays, make online transactions such
as buying, selling and other e-commerce type of thing.
After reading the whitepaper makes me think twice if
it is really safe using HTTPS despite the guarantees
being stated by such sites?

Any tips, suggestions, as well as explanations as to
how this is done and how to avoid such a thing from
occuring would mean a lot so that we could limit the
chances of being victimized in the future.

Thanks in advance.

Sincerely,
Servie

--- Jean-Denis Gorin <jdg_cnce2004 () yahoo fr> wrote:


Lot of papers about SSL Man In the Middle attack.
For
example, on the SANS web site:
  http://www.sans.org/rr/whitepapers/threats/480.php

Some kind of proxies use this to enable content
filtering of HTTPS traffic...

  JDG

From Alex Bihlmaier


Good Morning.



I am curious how strong the security of https can

be.

Is there some possibility of a MITM attack?
Are there any papers out there outlining this

aspect

of security?



//thalunil



      

      
              
Vous manquez despace pour stocker vos mails ? 
Yahoo! Mail vous offre GRATUITEMENT 100 Mo !
Créez votre Yahoo! Mail sur
http://fr.benefits.yahoo.com/

Le nouveau Yahoo! Messenger est arrivé ! Découvrez
toutes les nouveautés pour dialoguer instantanément
avec vos amis. A télécharger gratuitement sur
http://fr.messenger.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com

http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: Security of HTTPS, (continued)
- RE: Security of HTTPS lordchariot (Nov 27)
  - RE: Security of HTTPS Frank Knobbe (Nov 27)
    - Re: Security of HTTPS Ng Pheng Siong (Nov 28)
    - Re: Security of HTTPS Frank Knobbe (Nov 28)
    - Re: Security of HTTPS Ng Pheng Siong (Nov 28)
    - Re: Security of HTTPS Frank Knobbe (Nov 28)
  - Re: Security of HTTPS Shimon Silberschlag (Nov 28)
    - Re: Security of HTTPS Kevin Sheldrake (Nov 28)
    - Re: Security of HTTPS Ng Pheng Siong (Nov 28)
- RE: Security of HTTPS Jean-Denis Gorin (Nov 23)
  - RE: Security of HTTPS Servie Platon (Nov 27)
    - RE: Security of HTTPS Paul D. Robertson (Nov 27)
    - Re: Security of HTTPS Kevin Sheldrake (Nov 27)